authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-05-02 15:56:25 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-05-02 15:56:25 +0000
commit147e154ab698cd778a33236829a9cb448b2abb37 (patch)
tree5d4a13dce5a431b23a814a400dfe4a739aacc3a5
parent46e848834ff982a14da072445fcbdda82c9475e2 (diff)
downloadgnutls-147e154ab698cd778a33236829a9cb448b2abb37.tar.gz
cleanups... and more modular design.
-rw-r--r--lib/auth_anon.c31
-rw-r--r--lib/gnutls_algorithms.c88
-rw-r--r--lib/gnutls_algorithms.h8
-rw-r--r--lib/gnutls_kx.c7
4 files changed, 88 insertions, 46 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index 71e2708f6a..53f8c8f2f6 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -28,26 +28,20 @@ int gen_anon_client_kx( GNUTLS_KEY, opaque**);
int proc_anon_server_kx( GNUTLS_KEY, opaque*, int);
int proc_anon_client_kx( GNUTLS_KEY, opaque*, int);
-int gen_anon_client_cert_vrfy( GNUTLS_KEY, opaque**);
-int proc_anon_client_cert_vrfy( GNUTLS_KEY, opaque*, int);
-
-int gen_anon_server_cert_vrfy( GNUTLS_KEY, opaque**);
-int proc_anon_server_cert_vrfy( GNUTLS_KEY, opaque*, int);
-
MOD_AUTH_STRUCT anon_auth_struct = {
"ANON",
gen_anon_server_kx,
NULL,
NULL,
gen_anon_client_kx,
- gen_anon_client_cert_vrfy,
- gen_anon_server_cert_vrfy,
+ NULL,
+ NULL,
proc_anon_server_kx,
NULL,
NULL,
proc_anon_client_kx,
- proc_anon_client_cert_vrfy,
- proc_anon_server_cert_vrfy
+ NULL,
+ NULL
};
int gen_anon_server_kx( GNUTLS_KEY key, opaque** data) {
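Review bot: The MOD_AUTH_STRUCT initializer is now a positional list in which five of the thirteen slots are NULL, and after this commit the presence or absence of a function in a slot is what gnutls_algorithms.c tests to decide whether a handshake message is produced, so transposing a NULL with a neighbouring entry would silently add or drop a message instead of failing to compile. A trailing comment per slot naming the member it fills would make that visible, e.g. `NULL, /* generate_client_cert_vrfy: none for anon */` on the two lines that replace the removed gen_anon_*_cert_vrfy entries; the member names are presumably the gnutls_generate_*/gnutls_process_* fields read in gnutls_algorithms.c, to be confirmed against the struct definition, which is not in this diff. Designated initializers would do the same job if the project builds as C99.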
@@ -241,20 +235,3 @@ int proc_anon_client_kx( GNUTLS_KEY key, opaque* data, int data_size) {
return 0;
}
-
-int gen_anon_client_cert_vrfy( GNUTLS_KEY key, opaque** data) {
- (*data) = NULL;
- return 0;
-}
-int gen_anon_server_cert_vrfy( GNUTLS_KEY key, opaque** data) {
- (*data) = NULL;
- return 0;
-}
-int proc_anon_client_cert_vrfy( GNUTLS_KEY key, opaque* data, int data_size) {
- /* no certificate check in anonymous KX */
- return 0;
-}
-int proc_anon_server_cert_vrfy( GNUTLS_KEY key, opaque* data, int data_size) {
- /* no certificate check in this algorithm */
- return 0;
-}
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index affd0bbc64..6c75ac3971 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -139,17 +139,13 @@ static gnutls_compression_entry compression_algorithms[] = {
/* Key Exchange Section */
-#define GNUTLS_KX_ALGO_ENTRY(name, server_cert, server_kx, server_kx2, client_kx, client_kx0, client_cert, RSA_premaster, DH_public_value, auth_struct) \
- { #name, name, server_cert, server_kx, server_kx2, client_kx, client_kx0, client_cert, RSA_premaster, DH_public_value, auth_struct }
+#define GNUTLS_KX_ALGO_ENTRY(name, server_cert, client_cert, RSA_premaster, DH_public_value, auth_struct) \
+ { #name, name, server_cert, client_cert, RSA_premaster, DH_public_value, auth_struct }
struct gnutls_kx_algo_entry {
char *name;
KXAlgorithm algorithm;
int server_cert;
- int server_kx;
- int server_kx2;
- int client_kx;
- int client_kx0;
int client_cert;
int RSA_premaster;
int DH_public_value;
@@ -158,13 +154,13 @@ struct gnutls_kx_algo_entry {
typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry;
static gnutls_kx_algo_entry kx_algorithms[] = {
- GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_ANON_DH, 0, 1, 0, 1, 0, 0, 0, 1, &anon_auth_struct),
- GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_RSA, 1, 0, 0, 1, 0, 1, 1, 0, NULL),
- GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DHE_DSS, 1, 1, 0, 1, 0, 1, 0, 0, &dhe_dss_auth_struct),
- GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DHE_RSA, 1, 1, 0, 1, 0, 1, 0, 0, NULL),
- GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DH_DSS, 1, 0, 0, 1, 0, 1, 0, 0, NULL),
- GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DH_RSA, 1, 0, 0, 1, 0, 1, 0, 0, NULL),
-// GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_SRP, 0, 1, 1, 0, 1, 0, 0, 0, &srp_auth_struct),
+ GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_ANON_DH, 0, 0, 0, 1, &anon_auth_struct),
+ GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_RSA, 1, 1, 1, 0, NULL),
+ GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DHE_DSS, 1, 1, 0, 0, &dhe_dss_auth_struct),
+ GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DHE_RSA, 1, 1, 0, 0, NULL),
+ GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DH_DSS, 1, 1, 0, 0, NULL),
+ GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_DH_RSA, 1, 1, 0, 0, NULL),
+// GNUTLS_KX_ALGO_ENTRY(GNUTLS_KX_SRP, 0, 0, 0, 0, &srp_auth_struct),
{0}
};
@@ -569,8 +565,14 @@ inline int _gnutls_kx_priority(GNUTLS_STATE state, KXAlgorithm algorithm)
int _gnutls_kx_server_key_exchange(KXAlgorithm algorithm)
{
size_t ret = 0;
+ void* ret2=NULL;
+
+ /* if the auth algorithm does not have a null value
+ * for the kx2 generation then it supports it!
+ */
+ GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_generate_server_kx);
+ if (ret2!=NULL) ret = 1;
- GNUTLS_KX_ALG_LOOP(ret = p->server_kx);
return ret;
}
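Review bot: `p->auth_struct->gnutls_generate_server_kx` is evaluated without checking auth_struct, and the kx_algorithms table in the hunk above now registers GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS and GNUTLS_KX_DH_RSA with a NULL auth_struct, so if GNUTLS_KX_ALG_LOOP runs its statement for the matching entry (its definition is outside the diff) querying any of those algorithms dereferences NULL. The same unguarded access appears in _gnutls_kx_server_key_exchange2, _gnutls_kx_client_key_exchange0, _gnutls_kx_client_key_exchange and the two new _gnutls_kx_*_cert_vrfy functions in the next two hunks. A guard in each loop body keeps the old "not supported" answer for modules that are not wired up yet: `GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct ? p->auth_struct->gnutls_generate_server_kx : NULL);`. The comment above this line also says "kx2 generation" while the slot tested is gnutls_generate_server_kx, and its copy in _gnutls_kx_client_key_exchange says "kx0" while that function tests gnutls_process_client_kx; `/* the auth module supports this message iff it provides a generator for it */` fits each of them.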
@@ -578,8 +580,14 @@ int _gnutls_kx_server_key_exchange(KXAlgorithm algorithm)
int _gnutls_kx_server_key_exchange2(KXAlgorithm algorithm)
{
size_t ret = 0;
-
- GNUTLS_KX_ALG_LOOP(ret = p->server_kx2);
+ void* ret2=NULL;
+
+ /* if the auth algorithm does not have a null value
+ * for the kx2 generation then it supports it!
+ */
+ GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_generate_server_kx2);
+ if (ret2!=NULL) ret = 1;
+
return ret;
}
@@ -587,16 +595,58 @@ int _gnutls_kx_server_key_exchange2(KXAlgorithm algorithm)
int _gnutls_kx_client_key_exchange0(KXAlgorithm algorithm)
{
size_t ret = 0;
-
- GNUTLS_KX_ALG_LOOP(ret = p->client_kx0);
+ void* ret2=NULL;
+
+ /* if the auth algorithm does not have a null value
+ * for the kx0 generation then it supports it!
+ */
+ GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_process_client_kx0);
+ if (ret2!=NULL) ret = 1;
+
return ret;
}
int _gnutls_kx_client_key_exchange(KXAlgorithm algorithm)
{
size_t ret = 0;
+ void* ret2=NULL;
+
+ /* if the auth algorithm does not have a null value
+ * for the kx0 generation then it supports it!
+ */
+ GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_process_client_kx);
+ if (ret2!=NULL) ret = 1;
+ return ret;
+
+}
+
+
+int _gnutls_kx_client_cert_vrfy(KXAlgorithm algorithm)
+{
+ size_t ret = 0;
+ void* ret2=NULL;
+
+ /* if the auth algorithm does not have a null value
+ * for the cert_vrfy function then it supports it!
+ */
+ GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_generate_client_cert_vrfy);
+ if (ret2!=NULL) ret = 1;
+
+ return ret;
- GNUTLS_KX_ALG_LOOP(ret = p->server_kx);
+}
+
+int _gnutls_kx_server_cert_vrfy(KXAlgorithm algorithm)
+{
+ size_t ret = 0;
+ void* ret2=NULL;
+
+ /* if the auth algorithm does not have a null value
+ * for the cert_vrfy function then it supports it!
+ */
+ GNUTLS_KX_ALG_LOOP(ret2 = p->auth_struct->gnutls_generate_server_cert_vrfy);
+ if (ret2!=NULL) ret = 1;
+
return ret;
}
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index 2e12002964..6a5673dae2 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -59,13 +59,21 @@ char *_gnutls_cipher_get_name(BulkCipherAlgorithm algorithm);
/* functions for key exchange */
int _gnutls_kx_priority(GNUTLS_STATE state, KXAlgorithm algorithm);
int _gnutls_kx_server_certificate(KXAlgorithm algorithm);
+
+/* key exchange */
int _gnutls_kx_server_key_exchange(KXAlgorithm algorithm);
int _gnutls_kx_server_key_exchange2(KXAlgorithm algorithm);
int _gnutls_kx_client_key_exchange(KXAlgorithm algorithm);
int _gnutls_kx_client_key_exchange0(KXAlgorithm algorithm);
+/* client certificate */
int _gnutls_kx_client_certificate(KXAlgorithm algorithm);
int _gnutls_kx_RSA_premaster(KXAlgorithm algorithm);
int _gnutls_kx_DH_public_value(KXAlgorithm algorithm);
+
+/* cert vrfy */
+int _gnutls_kx_client_cert_vrfy(KXAlgorithm algorithm);
+int _gnutls_kx_server_cert_vrfy(KXAlgorithm algorithm);
+
MOD_AUTH_STRUCT * _gnutls_kx_auth_struct(KXAlgorithm algorithm);
char *_gnutls_kx_get_name(KXAlgorithm algorithm);
int _gnutls_kx_is_ok(KXAlgorithm algorithm);
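Review bot: The two new prototypes `_gnutls_kx_client_cert_vrfy` and `_gnutls_kx_server_cert_vrfy` are introduced under a bare `/* cert vrfy */` heading, and nothing in the header states what the return value means; the implementation in gnutls_algorithms.c returns 1 when the KX's auth module provides a CertificateVerify generator and 0 otherwise, and gnutls_kx.c already branches on `== 0`. A one-line contract next to the declarations, `/* return non-zero if the kx algorithm's auth module can generate a CertificateVerify */`, would make that explicit, and the same wording applies to the sibling _gnutls_kx_*_key_exchange* functions, which now answer the same yes/no question.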
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index db184331b7..33a01c0b23 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -236,10 +236,17 @@ int _gnutls_send_client_certificate_verify(int cd, GNUTLS_STATE state)
uint8 *data;
int ret = 0;
int data_size;
+ KXAlgorithm algorithm =
+ _gnutls_cipher_suite_get_kx_algo
+ (state->gnutls_internals.current_cipher_suite);
/* if certificate verify is not needed just exit */
if (state->gnutls_internals.certificate_verify_needed==0) return 0;
+ if (_gnutls_kx_client_cert_vrfy(algorithm)==0) {
+ return 0; /* this algorithm does not support cli_cert_vrfy */
+ }
+
#ifdef HARD_DEBUG
fprintf(stderr, "Sending client certificate verify message\n");
#endif
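Review bot: The new early exit returns 0, the same value as "verify not needed", when `certificate_verify_needed` is set but the algorithm's auth module has no CertificateVerify generator, so a server that requested a CertificateVerify gets a handshake that silently continues without one; whether that should be an error rather than a clean return depends on the callers outside this hunk, but the case deserves at least a comment, e.g. `return 0; /* peer asked for CertificateVerify but this kx cannot produce one; continue and let the peer decide */`. The `algorithm` lookup is also performed before the `certificate_verify_needed==0` test, so every call that takes that early exit still does the cipher-suite lookup; assigning `algorithm` after the test instead of at its declaration keeps the common path as cheap as before. _gnutls_send_client_certificate_verify continues past the hunk.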